DOD to expand public-private cybersecurity project

By Amber Corrin

Apr 25, 2012

The Defense Department is planning to expand its defense industrial base cybersecurity pilot program, and expects to get the green light from the White House within the next two months, DOD CIO Teri Takai said April 24.

“We’ve been working on this for two years now,” Takai told a cybersecurity forum organized by Rep. Jim Moran (D-Va.) in Arlington, Va., according to Federal News Radio. “Our plan this year is to expand this, and I think it’ll give a lot more companies the opportunity to share not only with us, but with each other.”

The program currently has 37 participants; once new rules are approved by the Office for Management and Budget, that number would grow to 200.

In January it was announced that the Homeland Security Department would take an active role in the project, but it would still be overseen by DOD, where the project was originally rolled out in July 2010 by then-Deputy Defense Secretary William Lynn. With DHS on board, the project was designated as the Joint Cybersecurity Services Pilot (JCSP), according to a DHS privacy assessment released in January. According to published reports, Takai indicated that DHS may launch its own version of a public-private cybersecurity initiative.

DOD’s voluntary pilot project is designed to facilitate open communication on cyber attacks and malicious cyber activity among private-sector companies, internet service providers and government agencies.

“We provide information to them as it relates to threats, and they also share in a confidential manner the threats they face and the actions they’re taking,” Takai said of defense contractors, according to BusinessWeek. “We all get hit by the same kinds of things,” but also different threats from time to time.

As the DIB pilot prepares for expansion, it’s unclear whether DOD and the participants have addressed issues that were criticized by some members of Congress and in a Washington Post report on an internal study of the program, conducted by Carnegie Mellon University researchers earlier this year.

The study showed that the information-sharing plan is viable and ISPs are capable of handling classified intelligence from the National Security Agency, but it also revealed the program wasn’t effective in stopping cyber attacks that participants could have prevented themselves without the shared data.

“Unfortunately, the report on the DIB Pilot Program highlights one of my continuing points, that there is no silver bullet in cybersecurity,” Rep. James Langevin (D-R.I.), co-founder of the Congressional Cybersecurity Caucus, said in a Jan. 17 statement. “Signature-based defenses alone will never be enough to secure our defense contractors, our classified networks or our critical infrastructure. We need a comprehensive approach to cybersecurity that incorporates innovative information-sharing arrangements with industry, while also boosting our capabilities for our own defenses and those who manage our critical infrastructure.”